Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.6
CVE Id: CVE-2003-1557
Last Modified: 05 Sep 2008 04:37:14
Published: 31 Dec 2003 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2003-1557

Summary

Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.

Vulnerable Systems

Application

  • SpamAssassin 2.40
  • SpamAssassin 2.41
  • SpamAssassin 2.42
  • SpamAssassin 2.43

References

BID - 6679

XF - spamassassin-spamc-offbyone-bo(11154)

BUGTRAQ - 20030204 Re: GLSA: Mail-SpamAssasin

GENTOO - GLSA-200302-01

SECUNIA - 7983

BUGTRAQ - 20030123 SpamAssassin / spamc+BSMTP remote buffer overflow


Last Updated: 27 May 2016 10:38:24